Custom Query (1070 matches)

1) Being able to stop or at least slow down brute force attach, by only allow i.e 5 login tryes from an IP address, when you have tried 3-5 or any number of times whitout success the account should be disabled for instance 30 min.

You can do this by extending the account table in the DB to include:

Last-unsuccesful-login : long date time Period-of-unsuccesful-tries: Integer Last-login-IP: String Max-Login-tries: byte Login-wait-time-in-min: integer

Then when you unsucessful try to login from Last-login-IP, Max-Login-tries times the account will be disabled Login-wait-time-in-min minutes. if you login successful, it clears the entries..

The only downside to this is if you do a reverse proxy to you LogicalDoc? you have the same IP, but that should just be stated in the documentation..

2) Be able to stop loggin on as admin unless he comes from the servers ip OR 127.0.0.1

3) The username should not be restricted by any charaters or the following charaters should be the only not allowed: [ ] : ; | = + ? < > * " This is the same as Microsoft is using.

4) Allow all imported users(from LDAP) beeing disabled insted og enabled.

5) Segregate the users in domains. If you allow a fictive domain i.e MyCompnay?, when you login you could sell the as a hoster, then you only need to create a domain for the company which you are hosting the application for.

ex. Login name: Gert Password: Jensen Domain: MS-Team

LDOC shoud reject login requests coming from a blacklist of IPs or can just accepts logins from a white list of IPs.

In addition this lists should be binded to each specific user.

When a user want to send a document or a download tiket should be able to use HTML to format the text message.